Director – IT Security
Company | Carter’s |
---|---|
Location | Atlanta, GA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior, Expert or higher |
Requirements
- Proven experience in planning security strategy and IT security projects for a multi-billion, global organization. Public company experience is preferred.
- Successful experience leading the following domains: application security; security technologies and products; security engineering. Strong understanding of the following areas: analysis and investigations; risk assessment and management; disaster recovery.
- In-depth knowledge of cloud architecture and platform operating systems, including Windows, Linux, and Unix.
- Experience with Wide Area Network/Local Area Network/Wireless Network, TCP/IP and related protocols.
- Strong knowledge of intrusion detection and prevention techniques.
- Understands disaster recovery (DR) planning and execution, and is able to influence IT infrastructure, IT application, and business owners on DR planning and practices.
- Strong written and verbal skills and executive presence to interact effectively with all levels of leadership, board members, IT staff, vendors, auditors, 3rd party business application providers, and other parties impacting the company’s security state.
- Experience with Managed Service Providers in providing security services including establishing protocol, measuring provider metrics, understanding contractual agreements, and general day-to-day monitoring and operational expectations.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
Responsibilities
- Manage the day-to-day operations of the IT Security programs
- Manage the Security Operations Center responsible for 24/7/365 security monitoring and threat detection/prevention for the organization
- Develop and report on security operations dashboards, metrics and KPIs relevant to understanding and improving Carter’s security capabilities and defense levels
- Monitors network of vendors and employees to ensure the safeguarding of information assets
- Assist in the development, implementation, integration, and maintenance of the security strategy roadmap, including security tools and technologies
- Provide leadership oversight for security tools deployment, implementation, adoption and maturity including applicable hardware, software, firewalls, intrusion detection systems, security event management systems, anti-virus and malware solutions, cryptography systems, access control systems, or any other solutions required for enterprise cyber and systems protection and monitoring
- Develops and operationalizes emergency procedures and incident response protocols. Acts as the control point during significant privacy and security incidents
- Investigates security breaches, communicates and coordinates with appropriate partners and executive management
- Conducts periodic penetration testing and security audits. Establishes risk assessment criteria and methodology
- Builds and sustains strong relationships with Carter’s functional and technical teams and serves as a trusted advisor on security
- Manage a multi-functional team of 7-10 to include security engineering, security operations, and IT risk and compliance
- Lead Managed Security Services Providers to augment the team’s ability to monitor and manage IT security events and security operations
- Manage a significant operational and capital budget for the security organization
- Support development of materials required for Audit Committee and Board presentations.
Preferred Qualifications
- Bachelor’s degree and 10+ years IT experience, with minimum 5 years of leadership in information security, preferably in the retail industry.
- Minimum 3 years of direct hands-on experience or direct management of firewall administration, intrusion detection systems, data encryption software, information security systems, event management systems, and working knowledge of switches and routers.
- A Certified Information System Security Professional (CISSP) or equivalent certification from a recognized professional organization such as International Informational Systems Security Certification Consortium (ISC2), Global Assurance Certification (GIAC), or Information Systems Audit and Control Association (ISACA) is preferred.